This topic explains how to use ADSI Edit to control which
address lists a user can see when they use
Microsoft Office Outlook Web Access for
Microsoft Exchange Server 2007.

Before You Begin

To perform this procedure, the account you use must be
delegated the following:

The Account Operator role for the applicable
Active Directory containers.

The Exchange View-Only Administrator role to use the
Exchange Management Shell to find address list names.

For more information about permissions, delegating
roles, and the rights that are required to administer
Exchange Server 2007, see Permission
Considerations.

How QuerybaseDN Is Used

The parameter querybaseDN is found on
Active Directory user objects. By setting the value of
querybaseDN, you can control which address list a user has
access to through Outlook Web Access. You do this by
assigning the distinguished name of an address list or
organizational unit (OU) to the querybaseDN parameter.

The following conditions apply to the use of
querybaseDN:

If the querybaseDN parameter is not used, the user will
have access to the first global address list (GAL) that is listed
in the globalAddressList attribute for that user.

If the querybaseDN parameter is set to a specific
address list, the user will have access only to that address
list.

If the user uses Select Rooms in the Scheduling
Assistant, they will see only resources from the specified address
list.

If the querybaseDN parameter is set to a specific OU and
the displayAddressLists parameter is set to
$false, the user will not have access to any address
lists. If the querybaseDN parameter is set to a specific OU
and the displayAddressLists parameter is set to
$true, the user will have access only to users in the
OU that is specified by the querybaseDN parameter.

If the user uses Select Rooms in the Scheduling
Assistant, they will see only resources from the specified OU.

Procedure

To use ADSI Edit to limit the
address lists that are available to a user

Open ADSI Edit.

Locate the user for whom you want to set an address
list value.

Open the properties for that user, and then add the
appropriate value for the querybaseDN parameter.

Save the changes to that user's properties.

To find the distinguished name
of an address list or organizational unit

Open ADSI Edit.

Find the address list or OU that you want to use,
right-click it, and then click Properties.

Find the distinguished name of the OU.

To use the Exchange Management
Shell to find address lists in your organization

Open the Exchange Management Shell.

Enter Get-AddressList to return all the address
lists under the All Address Lists container.